Are Hackathons & Bug Bounties the Answer to Cyber Crime?
The combined talent shortage along with the proliferation of technology and an avalanche of data have created a goldmine for cyber criminals. With more than 40 percent of CEOs highlighting cyber threats as a top concern, businesses are left scrambling to keep afloat as technology continues to develop at an impossible rate.
This cycle of catch up leaves businesses focussing on immediate threats and makes them vulnerable and unequipped to implement long term cyber solutions. Simply put, this reactive approach to cyber security is leaving businesses vulnerable to attack.
These stresses raise the question; will the cyber security industry ever catch up to cyber crime?
This is where ‘crowd-sourcing’ security comes in.
Hackathons are a collaborative event that gives ethical hackers, also known as white hat hackers, the opportunity to test and expose a company’s network vulnerabilities. These competitions look beyond immediate threats to vulnerabilities unknown to companies all together.
These events are emerging globally, proving their value for businesses and growing in popularity within the industry. This crowd sourcing approach to cybersecurity has proven to be an innovative ground for new ideas. Fresh perspectives from external sources have continually yielded results for businesses of all sizes. The U.S. Government’s ‘Hack the Pentagon’ program saw thousands of vulnerabilities in the Pentagon’s software infrastructure uncovered - the first of which was discovered in the first thirteen minutes of the competition.
Another approach to hackathons is to host one at an internal company event, which is equally as successful as the external counterparts if there are cyber experts within the company. These internal competitions force larger companies to accept innovation and creative thought across seniority levels whilst unshackling ‘corporate bureaucracy’ that might typically stifle such innovation. With more companies recognising gender equality as a major key, female-only hackathons are another internal approach popping up for big name firms like PwC.
Bug bounty programs, like hackathons, are another solution used by global powerhouses like Apple, Google and Microsoft. Like hackathons, the main draw card to these programs is that they lend more eyes to searching for vulnerabilities that companies, even those with established internal IT teams, overlook. Google is among companies using bug bounty programs and have paid out over $12 million in rewards since implementing their Chrome Vulnerability Reward Program in 2010, whilst Facebook bounties have exceeded $6 million in rewards since 2011.
Beyond providing a fresh perspective, these programs are incredibly cost effective when compared to other options like cybersec audits and penetration testing. They also give ethical hackers the chance to build their reputation whilst gaining monetary rewards. However, it should be noted these tools should be implemented as a cost-effective addition and not entirely replace rigorous cyber testing.
Are these events able to address the growing burden of cybercrime entirely? Perhaps not, but they are a step in the right direction for cyber security. The resounding advice from experts is that they are a worthwhile tool and a great way to source talent, but they should not be the only cyber security measure in place.